From the Attacker’s Playbook to Your Pull Request
Introducing SecMate Beta Release
Before founding SecMate, we spent most of our careers in the trenches of cybersecurity and vulnerability research, often on the attacker’s side of the field.
Our offensive security approach revealed vulnerabilities in some of the world’s most secure devices, showing us firsthand how complex systems fail. We also pioneered using machine learning for security research, developing techniques to bypass protections long before LLMs (Large Language Models) made headlines.
Throughout these experiences, we were consistently struck by the same reality: there is a painful disconnect between the tools that development teams are given and the real-world security challenges they face.
We felt a growing sense of responsibility to help bridge this gap.
This is why we started SecMate.
The Challenge We All Face
We aim to make developers’ lives easier by focusing on real vulnerabilities and uncovering complex flaws that would otherwise remain hidden.
We have witnessed the productivity bottleneck that development teams face when shipping features at incredible speed while maintaining security [1].
What struck us most was the diversity of experiences. Some developers shared that they struggle to understand how security relates to their daily work. Others described feeling overwhelmed by security requirements. Security leaders told us about spending countless hours fine-tuning tools as strict settings flood teams with false positives, while relaxed configurations miss important issues. Academic studies confirm they are not alone: SAST tools detect on average only 12.7% of real-world vulnerabilities [2], with detection rates highly dependent on settings [3].
These valuable conversations and research findings revealed a pattern: well-intentioned security tools often create additional complexity. Teams described dealing with alert fatigue and struggling to identify which issues truly matter [4]. This helps explain why most applications still have security flaws, even after years in production [5].
Despite the recent rise in AI-driven security products aimed at solving some of these challenges, the latest academic findings show that off-the-shelf LLMs struggle with the deep semantic reasoning required for security [6].
The challenge is not about assigning blame. It is about bridging the gap between what development teams need and what current tools provide.
Our Approach, Derived from Field Lessons
We believe security tools should empower developers and protect end users. So, we built SecMate on the direct lessons from our research: analyzing the Samsung boot chain [7], finding unintended code execution paths on Google’s Titan M [8], [9], and using Machine Learning and Ensemble Learning to remove code obfuscations [10], [11].
We learned that the most critical vulnerabilities are not simple syntax errors; they are often complex architectural flaws (e.g., Samsung’s Odin protocol vulnerability [12]). Our purpose is to design SecMate to find those specific security issues in complex codebases.
Recent studies have also shown that LLMs struggle to track relationships across data and control flow [6]. Thus, relying only on prompt engineering is not enough. In some cases, LLMs even perform no better than random guessing on realistic samples [13].
You might wonder how SecMate addresses these challenges:
- A Deeper Code Understanding with Intermediate Representation (IR): SecMate lifts your source code into a common IR that preserves the semantics of your code. This allows for a much richer analysis than just scanning raw text and is considered a vital way to overcome the limitations of LLMs alone [14].
- Analysis Guided by Research, Not Just Rules: We combine static analysis techniques from formal methods with custom rules and patterns learned directly from our offensive research. This enables SecMate to find nuanced, high-risk vulnerabilities that other tools often miss.
- Actionable Guidance in Your Workflow: SecMate delivers clear findings directly into your pull request. Instead of just flagging a problem, it provides context and, where possible, a guided fix you can review and merge. Our goal is to make real security a productive part of the development process.
And this is just the beginning.
Who We Hope to Help
SecMate is built as a versatile security solution for any codebase. However, we are starting with a focus on the domains where our expertise runs deepest and where current tools may fall short:
- Embedded systems and connected devices
- Mobile applications
Join Us In Building the Solution
We are looking for design partners to help us shape the future of SecMate. This is not just about trying a new product: it’s an invitation to collaborate and shape security to your needs.
Your feedback will be critical in helping us build a solution that truly solves the problems we all face, not only during development, but also for users once solutions are in production.
Acknowledgments
No product is built in a vacuum, and we are incredibly grateful for the support we have received on this journey so far.
Our sincere thanks go to our early design partners and beta-testers who placed their trust in us and are providing invaluable feedback. Their insights are directly shaping the future of SecMate. We are particularly indebted to our technical advisor, Philippe Teuwen, whose guidance and support are critical.
Finally, we want to thank and acknowledge our great former colleagues at Quarkslab. It was an environment that fostered the deep technical curiosity that underpins our work, and we are grateful for the years spent learning and growing alongside such a talented team and amazing clients.
References
[1] IT Pro. “Developers spend 17 hours a week on security — but don’t consider it a top priority.” IT Pro Today, March 28, 2025.
[2] Kaixuan Li et al. “Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java.” ESEC/FSE 2023.
[3] Richard A. Dubniczky et al. “CASTLE: Benchmarking Dataset for Static Code Analyzers and LLMs towards CWE Detection.”
[4] Filiz Mizrak et al. “Exploring the impact of cybersecurity fatigue on employee productivity and mental health.” PMC.
[5] Help Net Security. “70% of apps contain at least one security flaw after 5 years in production.” Help Net Security, January 13, 2023.
[6] Yansong Li et al. “SV-TrustEval-C: Evaluating Structure and Semantic Reasoning in Large Language Models for Source Code Vulnerability Analysis.” IEEE S&P 2025.
[7] Maxime Rossi Bellom, Raphaël Neveu, Damiano Melotti, Gabrielle Viala. “Attacking Samsung Galaxy A* Boot Chain, and Beyond.” BlackHat USA 2024.
[8] Maxime Rossi Bellom, Damiano Melotti. “Attack on Titan M Reloaded: Vulnerability Research on a Modern Security Chip.” BlackHat USA 2022.
[9] Maxime Rossi Bellom, Damiano Melotti. “Attack on Titan M: Vulnerability Research on a Modern Security Chip.” TROOPERS 2022.
[10] Ramtine Tofighi Shirazi et al. “Defeating Opaque Predicates Statically through Machine Learning and Binary Analysis.” SPRO 2019.
[11] Ramtine Tofighi Shirazi et al. “Fine-grained static detection of obfuscation transforms using ensemble-learning and semantic reasoning.” SSPREW 2019.
[12] Maxime Rossi Bellom et al. “When Samsung meets MediaTek: the story of a small bug chain.” SSTIC 2024.
[13] Jie Lin and David Mohaisen. “From Large to Mammoth: A Comparative Evaluation of Large Language Models in Vulnerability Detection.” NDSS 2025.
[14] Andrew Arash Mahyari. “Harnessing the Power of LLMs in Source Code Vulnerability Detection.” IEEE MILCOM 2024.
The SecMate Team